The effect of fear appeals on online privacy protection behavior
At a glance
It has been shown repeatedly that the degree to which individuals are willing to disclose personal information appears to be independent or only weakly related to their individual privacy concerns or their intentions. In the domain of data privacy, this gap between attitudes and intentions on the one hand and actual behavior on the other hand has been termed the “privacy paradox”. One of many potential explanations for this phenomenon could be that communication towards individuals in practice does not address privacy risks associated with personal information sharing.
The proposed project is based on a previous project financed by the Swiss Hasler Foundation and seeks to investigate the validity of such an explanatory account. The project is located at the intersection between human-computer interaction and psychology and proposes to design and evaluate a risk-oriented communication approach based on fear-inducing arguments for data processing practices of organizations. In the related field of information security, a communication based on fear appeals has first been suggested in 2010 to foster recommended security behavior. Since then, empirical evidence in terms of self-reported intentions and observed behavior has been collected and suggests the effectiveness of this idea. However, in the field of information privacy, this idea has only recently (in 2017) been proposed while no empirical evidence for its effectiveness exists to date.
Our goal is to study the effectiveness of risk-oriented communication based on fear appeals on individuals’ actual online privacy protection behavior. Fear appeals are persuasive messages that communicate threats to elicit protection motivation among recipients. The protection motivation theory (PMT) will serve as the theoretical basis for our hypotheses. The PMT has originally been devised and used in the area of health prevention research and is now applied in many other scientific disciplines, including information security. The basic idea behind PMT is that persuasive and fear-inducing forms of communication may result in a heightened protection motivation at the individual level when adequate coping opportunities exist.
To narrow down the scope of the project, we will focus on a specific type of threat to online privacy, namely browser cookies and online tracking, which are increasingly used privacy-invasive techniques found on many websites. To address our research question, we will use a mixed-method approach including an online experiment to collect empirical data on individuals’ protection behavior when confronted with potential threats imposed by cookies.
The results of this research will not only be beneficial to the field of information privacy and help to further explain the privacy paradox. They will also contribute to the related field of information security because empirical data on actual behavior - rather than mere behavioral intentions - will be collected. Furthermore, our project will also likely have a broader impact that may affect individuals, organizations and policy makers. In contrast to long and complex privacy policies as means of privacy communication, privacy information that focuses on the communication of threats in individual privacy-decision making may be more effective at supporting individuals to decide in accordance with their privacy attitudes and intentions, thereby fostering individual protection behavior.